1. SUM303 Implementing and Troubleshooting the Citrix Receiver for Windows Christian Suarez Senior Escalation Engineer May 8, 2012

2. #CitrixSummit Tweet about this session with hashtag #SUM303 and #CitrixSummit

3. #CitrixSummit Overview of Citrix Receiver for Windows Implementing the Citrix Receiver with Merchandising Server 1- Setup Merchandising Server 2- Prepare and Download Plug-ins 3- Deploy Citrix Receiver 4- Deliver and Maintain Plug-ins Troubleshooting the Citrix Receiver Citrix Receiver for Mac Questions? Agenda 3

4. Overview of Citrix Receiver for Windows

5. desktops apps data Citrix Receiver SaaS

6. #CitrixSummit Consistent User Experience 6

7. #CitrixSummit Components 7 ComponentDefinition Citrix Receiver for Windows and Mac Software that manages and updates Citrix Plug-ins on user desktops Citrix Merchandising Server Virtual appliance responsible for managing software deliveries from IT Merchandising Server Administrator Console Web console used for configuring and managing software deliveries Citrix Update Service Service that uploads software plug-ins and MetaDataon Merchandising Servers Citrix Plug-ins Individual Citrix clientsor agents managed by Citrix Receiver http://*.citrix.com Plug-ins & MetaData and Receiver Updater

8. #CitrixSummit 101 HTTP 10110 HTTP 10110 HTTP 19 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 1011011010 SSL 1011011010 SSL 101 Citrix Receiver Merchandising Server Architecture 1011011010 SSL 1011011010 Active Directory Internal End User External End User Citrix Receiver LDAP 1011010 LDAP 10110101 Administrator Console Update Service Data Center

9. #CitrixSummit Merchandising Server Requirements 9 Virtual ServerHardware Browser for Admin Console Directory Services XenServer5.x Minimum: 8 GBdiskspace 1 GB RAM Recommended: 2-8 GB RAM 2CPUs Internet Explorer 7,8, or 9 Firefox 4.x or 5 Active Directory 2003 SP2 or later VMWare vSphere4.0, ESX 3.5, VMWareServer 2.x

10. Implementing the Citrix Receiver for Windows

11. #CitrixSummit 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Data Center Merchandising Server Step 1: Building Merchandising Server 1011011010 SSL 1011011010 Active Directory LDAP 1011010 LDAP 10110101 Administrator Console Update Service 10110 HTTP 10110 HTTP 10110 HT Citrix.com C1trix321 Hostname, IP Address, Gateway and DNS FQDN to match certificates Use Static IP 101 HTTP 10110 HTTP 10110 HTTP 10110

12. #CitrixSummit Configuring Merchandising Server 12

13. #CitrixSummit Anonymous Deliveries ○ Using System Token enables Receiver to configure plug-ins without users needing to authenticate Enhanced Roaming ○ Beacon websites improves roaming and avoids interrupting users with unneccesary authentication messages Improved reporting when syncing Active Directory Merchandising Server Features 13

14. #CitrixSummit Users must authenticate with AD before downloading the Receiver User Tokens are created and kept in the registry on the client Subsequent authentication request will be suppressed Token expiration is defined in the Administrator Console (6 months default) User Authentication with User Tokens 14

15. #CitrixSummit Allows Citrix Receiver install with a system token without users needing to authenticate Kept in the registry on the client System Tokens are manually created from Merchandising Server Admin Console Reporting and delivers based on ○ Machine Name, IP Address, or Domain membership System Tokens never expire Anonymous Deliveries with System Tokens 15

16. #CitrixSummit Beacons allow the Receiver to determine whether the user is inside or outside the corporate firewall When the user must go through the VPN, Receiver prompts with the Connect to Delivery Services logon dialog As users move from place to place, Receiver and secure access plug-in will: ○ smoothly re-establish tunnels if outside the firewall ○ not establish tunnels while inside the firewall. Avoids interrupting the user with unnecessary VPN authentication pop-ups Enhanced Roaming with Beacons 16

17. #CitrixSummit Enhanced Roaming – Beacon Configuration 17

18. #CitrixSummit 101 HTTP 10110 HTTP 10110 HTTP 10110 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Data Center Merchandising Server Step 2: Downloading Plugins to Merchandising Server 1011011010 SSL 1011011010 Administrator Console Update Service 10110 HTTP 10110 HTTP 10110 HT Citrix.com /usr/local/apache-tomcat-6.0.16/webapps/appliance/WEB- INF/classes/appliance.properties https://pluginupdate.citrix.com/updateservice/ services/updateService

19. #CitrixSummit Citrix Plugins for Windows Online Self-service Secure Access Offline Single Sign-on Service Monitoring 19 Acceleration EasyCall Profile Management** XenVault

20. #CitrixSummit NEW! Citrix ShareFile Plugins for Windows ShareFile Desktop Widget ShareFile Outlook Plug-in Citrix ShareFile Plug-in for Receiver 20

21. #CitrixSummit 1011011010 SSL 1011011010 SSL 1011011 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Step 3: Delivering Citrix Receiver Updater Internal End Users External End Users Citrix Receiver Citrix Receiver for Windows Updater for Windows.NET 2.0 or later Internet Explorer 7 or 8 Firefox 2.x or 5.x Administrator Privileges Updater for Mac Mac OS 10.5, 10.6, 10.7 Updated Java Elevated Privileges Citrix Receiver for Mac Data Center

22. #CitrixSummit Receiver for Windows Installation Packages Citrix Receiver Standard - CitrixReceiver.exe 22 User experience is consistent across all Receiver platforms Full set of features like Self-Service with one-click configuration Full Citrix CloudGateway interoperability Automatic install from Web Interface or Receiver for Web Can be installed with Electronic Software Distribution (ESD) tools Ensure free space in user’s Temp directory

23. #CitrixSummit Receiver for Windows Installation Packages Citrix Receiver Enterprise - CitrixReceiverEnterprise.exe 23 Supports legacy XenApp Services, formerly PNA Services XenApp Services are limited to LAN connections Required for Smart Card Authentication Requires Administrator to install Can be installed with Electronic Software Distribution (ESD) tools

24. Ways To Deploy the Receiver for Windows Delivery MethodUser ActionRequiredWhere to apply Merchandising Server Download User authentication requiredto complete installation Managed or Unmanaged Computers dedicated to users Electronic Software Distribution(ESD) User authentication requiredto complete installation Managed Computers dedicated to users ESD withSystem Token Anonymous Deliverywith no user authentication for install or updates Managed Computers with sharingusers ExternalDownload Page via Packager User authentication requiredto complete installation RemoteUsers ExternalDownload Page via Packager and System Token Anonymous Delivery with no user authentication for install or updates Remote Users on computers identifiable by IP, Machine Name or Domain Membership Manuallyby user User authentication required after Merchandising Server added Unmanaged Computers with tech savvy users

25. #CitrixSummit Changing the Merchandising Server address on Windows Client 25

26. #CitrixSummit Installing the Receiver for Windows From Receiver for Web and Web Interface 26 Receiver for Web ○ Automatically determines if Receiver in installed ○ Receiver installation files are stored on the server with the default installation ○ Option to offer an upgrade for users with older clients Web Interface ○ WI installation prompts for media to store Receiver installation files on \Clients folder ○ Options for Client Detection and Deployment in Web Interface Console ○ Rename the CitrixReceiver.exe to CitrixOnlinePluginWeb.exe and place in directory ○ Modify WebInterface.conf file for ClientIcaWin32

27. #CitrixSummit Receiver for Windows Installation Parameters CitrixReceiver.exe [Options] and CitrixReceiverEnterprise.exe [Options] 27 /noreboot /silent /includeSSON PROPERTY=Value INSTALLDIR, CLIENT_NAME, ENABLE_DYNAMIC_CLIENT_NAME, ADDLOCAL, ALLOWADDSTORE, ALLOWSAVEPWD, ENABLE_SSON, ENABLE_KERBEROS, DEFAULT_NDSCONTEXT, LEGACYFTAICONS, SERVER_LOCATION, STARTMENUDIR, STOREx

28. #CitrixSummit Provides an installer with Receiver that optionally includes a Secure Access plug-in and a system token Packager and instructions found on the Citrix KB at CTX121355CTX121355 Three main components of the Packager: ○ Secure Access Plug-in ○ Citrix Receiver Updater ○ Self Extracting Package ○ ReceiverInstaller.exe by default Citrix Receiver Packager for Windows ReceiverInstaller.exe AGCRPackager.exe

29. #CitrixSummit Creating an External Receiver Download Page 29 Create sample page from support files from Citrix.com ○ animation.swf ○ ieTransparency.css ○ index.html ○ main.css ○ resources.js ○ img (images folder) Edit resources.js to define Merchandising Server, Server URL and installer file Web Page with ReceiverInstaller.exe download link Send URL to clients for remote access

30. #CitrixSummit Secure Access Plug-in 9.x is for Access Gateway Enterprise (AGEE) Secure Access Plug-in 4.6 for AG Standard and Advanced Enhance Roaming Integration The Access Gateway will continue to update the Secure Access plugins, NOT the Citrix Receiver Users can select nearest location when traveling Use Merchandising Server to choose fields to display to users Deploying Access Gateway Connections 30

31. #CitrixSummit Upgrades only supported from Citrix Online Plug-in 11.2 and later Removed previous version of the Online Plug-in prior to upgrading Uninstall Online Plug-in 11.0 ○ From Add/Remove Programs ○ Installer package with Remove option only if installed using a Windows Installer package Uninstall Citrix Receiver 13.x ○ Use the Citrix Receiver Updater ○ Use the /uninstall option with the Citrix Receiver executables ○ From Add/Remove Programs (only if Receiver Updater was not used to install) Upgrading the Citrix Receiver for Windows 31

32. #CitrixSummit Upgrading the Citrix Receiver for Windows Citrix Receiver Standard – CitrixReceiver.exe 32 InstalledResult No previous Citrix Online Plug-in Citrix Receiver Standard With Web access only Citrix Online Web Plug-in Citrix Online Full Plug-in with PNA and SSO No upgrade path Citrix Receiver Enterprise

33. #CitrixSummit Upgrading the Citrix Receiver for Windows Citrix Receiver Enterprise – CitrixReceiverEnterprise.exe 33 InstalledResult No previous Citrix Online Plug-in Citrix Receiver Enterprise with web access Citrix Online Web Plug-in Citrix Online Full Plug-in with PNA and SSO Citrix Receiver Enterprise configured for PNA and SSO Citrix Receiver Enterprise

34. #CitrixSummit 1011011010 SSL 1011011010 SSL 1011011 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Data Center Step 4: Delivering and Maintaining Citrix Plugins Merchandising Server

35. #CitrixSummit Creating Delivery Rules for Target Desktops 35 Rule TypeUsed For Delivering plug-ins and/or configurations... User Domain based upon user-domain membership Computer Domainbased upon a machine-domain membership Operating System based upon operating system type LDAP Users or Groups to specific users or groups no matter which computer they are on Machine Name many people share the same machine IP Address Range based upon a computer's IP address Default Delivery where ever other more specific rules do not apply

36. #CitrixSummit Metadata contains the properties and commands to ensure proper installation It includes user connection information per Citrix Plug-in Comes pre-configured but can be modified Configure customize user connection information Sample metadata files are provided on the Citrix Community Receiver Metadata Web page Modifying Plug-in Metadata 36

37. #CitrixSummit Must have Delivery Rules created At least one plugin downloaded to Merchandising Server Provide Delivery name, description, and polling frequency Select from available plugin and metadata Configuration of the Citrix Receiver Apply Delivery Rule Schedule Delivery Creating a Targeted Delivery 37 1011011010 SSL 1011011010 SSL 1011011

38. Troubleshooting the Citrix Receiver and Merchandising Server

39. #CitrixSummit Server log captures Merchandising Server and user-specific events Enable System Logging for more details Enable User Logging to add user messages to the server log Located at: /usr/local/apache-tomcat- 6.0.16/logs/appliance.log System Log (appliance.log) 39

40. #CitrixSummit From the Merchandising Server Administrators Console ○ Invalid AD credentials ○ Invalid value for Base DN ○ AD doesn't support simple authentication ○ Not permitted to logon at this time ○ Not permitted to logon from this workstation ○ User password expired ○ User account disabled Enhanced Messaging in System log Detailed Active Directory Error Messages 40

41. #CitrixSummit Detailed Client Log key for any client Receiver issue To Enable Client Logging, add –verbose to the Target line, on the Receiver.exe “C:\Program Files (x86)\Citrix\Receiver\Receiver.exe” Logs located in user profile at \Local Settings\Application Data\Citrix\Receiver\Receiver_.log ErrorLog.xml can be gathered from MS Admin console and view within console Client Logs (Receiver_.log and ErrorLog.xml) 41

42. #CitrixSummit For connections issues with Receiver, CDF Traces still works CDF Control can be found at CTX111961CTX111961 Creates CDFLogFile.etl which requires Citrix symbols to be parsed into readable messages Send to Citrix Technical Support for Detailed Analysis CDF Tracing still available for connection issues 42

43. #CitrixSummit Troubleshooting Citrix Receiver installation ISSUE: Receiver installation is not proceeding 43 Verify.NET 2.0 Framework is installed Verify that the user has administrative permissions Ensure the user credentials are entered properly, i.e. DOMAIN\user Check the supported browsers for the download page ○ IE7, IE8, Firefox 3, Safari

44. #CitrixSummit Troubleshooting Citrix Receiver updates ISSUE: Receiver shows “Plug-in updates are disabled” 44 Occurs if the client has the Terminal Services role or a Microsoft Server Edition installed Modify the Citrix Receiver shortcut or executable to run with: ○ -allowadminTSupdates Close and Reopen the Receiver More information at CTX129051CTX129051

45. #CitrixSummit Troubleshooting Receiver Plug-in updates ISSUE: User does not receive any Plug-ins 45 Check that the client is pointing to the correct Merchandising Server From user’s Control Panel > System and Security Verify that client OS is supported for the specific plug-in Verify that the rule defining the recipients matches the client's parameters Check the evaluation order of the deliveries

46. #CitrixSummit Troubleshooting Receiver Plug-in updates ISSUE: User does not receive any Plug-ins 46 Delete the client's token in the local registry and restart the client ○ HKLM\Software\Citrix\Receiver\Delivery\Filter ○ Forces user to re-authenticate to the Merchandising Server Enable verbose logging from command line (CMD) ○ XP: “C:\Program Files\Citrix\Receiver\Receiver.exe” –verbose ○ Win7 64bit/Vista 64bit: “C:\Program Files(x86)\Citrix\Receiver\Receiver.exe” –verbose On the Receiver client, select “Check for Updates” ○ Makes an immediate connection to the Merchandising Server Collect Receiver_.log from client ○ %USERPROFILE%\Local Settings\Application Data\Citrix\Receiver\receiver_.log

47. #CitrixSummit Troubleshooting Merchandising Server installation ISSUE: Network Is Unreachable 47 There is a Diagnostics menu on the Merchandising Server Console With duplicate IP addresses, a ping will show “Network is unreachable” XenServer will show unknown IP address

48. #CitrixSummit Troubleshooting Merchandising Server Web Server ISSUE: HTTPD Service Failure when using a Space in Hostname 48 The httpd fails to start and admins cannot open the Console The Apache web service cannot handle server hostname with a space ○ i.e. – “Merch Server1” Edit the hostname Restart the httpd Service: sudo /etc/init.d/httpd restart

49. #CitrixSummit Troubleshooting Merchandising Server ISSUE: User account are not enumerating in the Administrator Console 49 Merchandising Server downloads user/group list from Active Directory Server using LDAP port 389 ○ For indexed database, port 3268 significantly speeds up AD queries Stored in local PostgreSQL database ○ Select “Save and Sync” for immediate updates, i.e. when new AD users are created Base DN lists the OU where user accounts are located ○ Multiple OUs are not supported Merchandising Server can only point to one AD Server at a time More information at CTX131998 and CTX121957CTX131998CTX121957

50. #CitrixSummit Troubleshooting Merchandising Server ISSUE: "No results found“ when performing AD search 50 Verify the Base DN and ensure it is correctly formatted: OU=NewYork,OU=Americas,DC=company,DC=net Ensure object can be enumerated from the Base DN ○ Note: Only the first/last name fields are searchable from within Merchandising Server (not username) Verify that the complete domain path is included for all regions

51. #CitrixSummit Troubleshooting Merchandising Server ISSUE: The corporate AD information you have provided is invalid 51 Verify the Administrator has correct Domain permissions From the VMWare ESX Console, ping the Merchandising Server Verify the Bind DN Run Wireshark from Domain Controller ○ Filter by the Merchandising Server, i.e. ipaddr== Merchandising Server 1.2 had an issue with LDAP server signing requirements on secure connection in AD on Windows 2003 Server or Windows 2008 Server

52. #CitrixSummit Troubleshooting Merchandising Server ISSUE: Merchandising Server takes four to six hours to reboot with VMWare 52 Ensure updated virtual machine tools Upgrade hardware NICA drivers to VMXNet3 Reduce multiple Virtual CPUs to one Ensure proper certificates on the Merchandising Server Verify Merchandising Server is not a template or snapshot More information at CTX128179CTX128179

53. #CitrixSummit Troubleshooting Merchandising Server Console ISSUE: Administrator and auditors cannot logon to Administrators Console 53 And when root is used to re-add permissions, a domain user search returns nothing Ensure logon to console with domain\user format Occurs when the time zone of the VM is changed from UTC Return the time zone to UTC OR Remove the token from the client computer registry or by uninstalling and reinstalling the Citrix Receiver More information at CTX127471CTX127471

54. #CitrixSummit Troubleshooting Downloading Citrix Plug-ins ISSUE: Get New page in the Administrator Console is blank 54 Verify that the Merchandising Server has Internet access and can access Citrix.com Update Service URL is located in the appliance.properties file on the Merchandising Server. It should not be changed URL may be required to get around customer firewall rules

55. #CitrixSummit Troubleshooting Deploying Plug-in updates ISSUE: Windows7 and Vista updates fail with “ERROR: Unable to check for updates” 55 Ensure the Merchandising Server is configured with FQDN in the Hostname settings of the Network Configuration Versions of Merchandising Server prior to 2.2 did not have this requirement More information at CTX131572CTX131572

56. #CitrixSummit Troubleshooting Single Sign-on with Receiver ISSUE: Domain pass-through for Citrix Receiver is not working 56 Verify Citrix Receiver Standard is installed with the /includeSSON parameter Check single sign-on process SSONSvr.exe Verify the Web Interface Web Page or StoreFront page are correctly configured For upgrades from Online plugin 12.1, completely uninstall per CTX130813CTX130813 With Online Plugin 12.x, check WI issue from CTX124871 and CTX113004CTX124871CTX113004

57. Receiver for Mac Parity

58. #CitrixSummit Includes Online Plug-in and Self Service Plug-in Includes Access Gateway / Secure Access Plug-in integration No support for Enhanced Roaming with Beacons For Lion users, add string MacOS10.7 to platform list of plug-in metadata file No ESD installation, must be downloaded from Merchandising Server Change the Merchandising Server by changing ServerAddress field in Macintosh HD/Library/Application Support/Citrix/Receiver.cfg Citrix Receiver for Mac Parity 58

59. #CitrixSummit Creates a bundled installer of Receiver Enables Receiver delivery to users inside and outside corporate firewall Must have plugins installed and configured Select and add System Token or choose prompt users for User Tokens Select Packages ○ Receiver.dmg ○ Citrix_Access_Gateway.dmg Receiver Updater Packager for Mac Citrix Receiver Installer.dmg Citrix Receiver Packager.dmg

60. #CitrixSummit Citrix Plugins for Mac Secure Access Online Communications / Easy Call 60

61. #CitrixSummit References 61 Citrix eDocs ○ Receiver for Windows ○ http://support.citrix.com/proddocs/topic/receiver/rec-receiver-for-win.html http://support.citrix.com/proddocs/topic/receiver/rec-receiver-for-win.html ○ Merchandising Server ○ http://support.citrix.com/proddocs/topic/cloudgateway/receivers-merchandising-wrapper.html http://support.citrix.com/proddocs/topic/cloudgateway/receivers-merchandising-wrapper.html ○ Receiver for Mac ○ http://support.citrix.com/proddocs/topic/receiver/receivers-mac-wrapper.html http://support.citrix.com/proddocs/topic/receiver/receivers-mac-wrapper.html CitrixReceiver.com Citrix Knowledge Center - http://support.citrix.com/http://support.citrix.com/ CTX121355CTX121355, CTX111961, CTX129051, CTX124971, CTX131998, CTX121957, CTX128179, CTX127471, CTX131572, CTX130813, CTX124871, CTX113004CTX111961CTX129051CTX124971CTX131998CTX121957 CTX128179CTX127471CTX131572CTX130813CTX124871CTX113004

62. #CitrixSummit Tools as a Service http://Taas.Citrix.com/Beta Auto analysis health check 23 62 Data Collection Recommendations tailored to YOU 1 Quickly collect and upload your data

63. #CitrixSummit 1011011010 SSL 1011011010 SSL 101 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Data Center Merchandising Server Four Steps to Implement Internal End User External End User 101 HTTP 10110 HTTP 10110 HTTP Troubleshooting Citrix Receiver for Windows Receiver_.log ErrorLog.xml appliance.log